author | Joakim Erdfelt | 2015-02-23 21:57:22 +0000 |
---|---|---|
committer | Joakim Erdfelt | 2015-02-23 21:57:22 +0000 |
commit | 3e7b5f0fa918633ec24bd1bc23d6ee76d32c7729 (patch) | |
tree | e6766d38fc442b16284904636d6ba5aae2866442 /jetty-http/src | |
parent | 4df5647f6dfdc5fa7abb812afe9290d60b17c098 (diff) | |
460642 - HttpParser error 400 can expose previous buffer contents in HTTP status reason message
+ Simplifying behavior
Diffstat (limited to 'jetty-http/src')
-rw-r--r-- | jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java | 66 |
1 files changed, 3 insertions, 63 deletions
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
index cd660da660..13862d0c4c 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
@@ -1709,69 +1709,9 @@ public class HttpParser
 {
 private IllegalCharacterException(State state,byte ch,ByteBuffer buffer)
 {
- super(String.format("Illegal character 0x%X in state=%s for buffer %s",ch,state,toDebugString(buffer)));
- }
-
- /**
- * This is an HttpParser safe version of {@link BufferUtil#toDetailString(ByteBuffer)}.
- * <p>
- * Which will only show the parsing state (what has been parsed, what is being parsed, and what is coming up),
- * while not showing what is past the {@link ByteBuffer#limit()}.
- *
- * @param buffer
- * @return
- */
- private static String toDebugString(ByteBuffer buffer)
- {
- if (buffer == null)
- {
- return "<null>";
- }
-
- StringBuilder buf = new StringBuilder();
-
- buf.append('"');
-
- for (int i = 0; i < buffer.position(); i++)
- {
- appendContentChar(buf,buffer.get(i));
- if (i == 16 && buffer.position() > 32)
- {
- buf.append("...");
- i = buffer.position() - 16;
- }
- }
- buf.append("<<<");
- for (int i = buffer.position(); i < buffer.limit(); i++)
- {
- appendContentChar(buf,buffer.get(i));
- if (i == buffer.position() + 16 && buffer.limit() > buffer.position() + 32)
- {
- buf.append("...");
- i = buffer.limit() - 16;
- }
- }
- buf.append(">>>\"");
-
- // ignore content beyond limit()
-
- return buf.toString();
- }
-
- private static void appendContentChar(StringBuilder buf, byte b)
- {
- if (b == '\\')
- buf.append("\\\\");
- else if (b >= ' ')
- buf.append((char)b);
- else if (b == '\r')
- buf.append("\\r");
- else if (b == '\n')
- buf.append("\\n");
- else if (b == '\t')
- buf.append("\\t");
- else
- buf.append("\\x").append(TypeUtil.toHexString(b));
+ super(400,String.format("Illegal character 0x%X",ch));
+ // Bug #460642 - don't reveal buffers to end user
+ LOG.warn(String.format("Illegal character 0x%X in state=%s for buffer %s",ch,state,BufferUtil.toDetailString(buffer)));
 }
 }
 }
|
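Review bot: The added `LOG.warn(...)` still renders the buffer with `BufferUtil.toDetailString(buffer)`, and the Javadoc this commit removes describes `toDebugString` as the parser-safe variant that stops at `ByteBuffer#limit()`, which suggests `toDetailString` can include bytes left over from earlier requests. Those bytes no longer reach the client in the 400 reason, but every request carrying an illegal character now writes them to the server log at WARN level, so the log files and anything they are forwarded to may hold other requests' header or body data and grow with unauthenticated traffic. Consider keeping the WARN line to the character and parser state, `LOG.warn(String.format("Illegal character 0x%X in state=%s",ch,state));`, and emitting the buffer detail only under `if (LOG.isDebugEnabled())`. The constructor is fully visible in the hunk; the declaration of the enclosing `IllegalCharacterException` class starts above it.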